lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <xmqqlh5gzuc8.fsf@gitster.mtv.corp.google.com>
Date:	Thu, 17 Mar 2016 14:07:51 -0700
From:	Junio C Hamano <gitster@...ox.com>
To:	git@...r.kernel.org
Cc:	Linux Kernel <linux-kernel@...r.kernel.org>
Subject: [ANNOUNCE] Git v2.7.4 (and updates to older maintenance tracks)

The latest maintenance release Git v2.7.4 is now available at the
usual places.  The same set of bugfix patches from the current
'master' have been backported to older maintenance tracks and are
available as v2.4.11, v2.5.5 and v2.6.6.  These are to fix a heap
corruption / buffer overflow bug and users are strongly encouraged
to upgrade.  The fix has already been in the release candidate
v2.8.0-rc3 as well.

The tarballs are found at:

    https://www.kernel.org/pub/software/scm/git/

The following public repositories all have a copy of the 'v2.7.4'
tag and the 'maint' branch that the tag points at:

  url = https://kernel.googlesource.com/pub/scm/git/git
  url = git://repo.or.cz/alt-git.git
  url = git://git.sourceforge.jp/gitroot/git-core/git.git
  url = git://git-core.git.sourceforge.net/gitroot/git-core/git-core
  url = https://github.com/gitster/git

----------------------------------------------------------------

Git v2.7.4 Release Notes
========================

Fixes since v2.7.3
------------------

 * Bugfix patches were backported from the 'master' front to plug heap
   corruption holes, to catch integer overflow in the computation of
   pathname lengths, and to get rid of the name_path API.  Both of
   these would have resulted in writing over an under-allocated buffer
   when formulating pathnames while tree traversal.

----------------------------------------------------------------

Changes since v2.7.3 are as follows:

Jeff King (7):
      add helpers for detecting size_t overflow
      tree-diff: catch integer overflow in combine_diff_path allocation
      http-push: stop using name_path
      show_object_with_name: simplify by using path_name()
      list-objects: convert name_path to a strbuf
      list-objects: drop name_path entirely
      list-objects: pass full pathname to callbacks

Junio C Hamano (4):
      Git 2.4.11
      Git 2.5.5
      Git 2.6.6
      Git 2.7.4

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ